High severity vulnerabilities in transitive dependencies (qs, jws)

## Summary

`netlify-cli@23.13.0` has two high-severity vulnerabilities in transitive dependencies flagged by npm audit and GitHub Dependabot.

## Vulnerabilities

| Package | Current | Fixed | Severity | Advisory |
|---------|---------|-------|----------|----------|
| `qs` | 6.13.0 | >= 6.14.1 | High | [GHSA-869p-cjfg-cm3x](https://github.com/advisories/GHSA-6rw7-vpxm-498p) - DoS via memory exhaustion |
| `jws` | 3.2.2 | >= 3.2.3 | High | [GHSA-869p-cjfg-cm3x](https://github.com/advisories/GHSA-869p-cjfg-cm3x) - Improper HMAC signature verification |

## Dependency Chain

```
netlify-cli@23.13.0
├─┬ express@4.21.2
│ ├─┬ body-parser@1.20.3
│ │ └── qs@6.13.0
│ └── qs@6.13.0
└─┬ jsonwebtoken@9.0.2
  └── jws@3.2.2
```

## Request

Please update the upstream dependencies to resolve these vulnerabilities:
- Update `express` to a version that uses `qs >= 6.14.1`
- Update `jsonwebtoken` to a version that uses `jws >= 3.2.3`

## Environment

- netlify-cli version: 23.13.0
- Node.js version: 20.x
- npm version: 10.x

Thank you!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

High severity vulnerabilities in transitive dependencies (qs, jws) #7841

Summary

Vulnerabilities

Dependency Chain

Request

Environment

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Package	Current	Fixed	Severity	Advisory
`qs`	6.13.0	>= 6.14.1	High	GHSA-869p-cjfg-cm3x - DoS via memory exhaustion
`jws`	3.2.2	>= 3.2.3	High	GHSA-869p-cjfg-cm3x - Improper HMAC signature verification

High severity vulnerabilities in transitive dependencies (qs, jws) #7841

Description

Summary

Vulnerabilities

Dependency Chain

Request

Environment

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions